Check for packet with truncated DTLS cookie.

Flip pointer comparison logic to avoid beyond-end-of-buffer pointers to make it less likely a compiler will decide to screw you. Based on parts of openssl commits 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and 89c2720298f875ac80777da2da88a64859775898 ok jsing@
author: guenther <> 2016-09-22 07:17:41 +0000
committer: guenther <> 2016-09-22 07:17:41 +0000
commit: b6f7bfed7cb7f244a19ca2235b58ec8d1ba19b83 (patch)
tree: af52012db7582da743de7c090820031301f671ca /src
parent: b8e79b960794be13c34694d468ef9fb44e70a355 (diff)
download: openbsd-b6f7bfed7cb7f244a19ca2235b58ec8d1ba19b83.tar.gz
openbsd-b6f7bfed7cb7f244a19ca2235b58ec8d1ba19b83.tar.bz2
openbsd-b6f7bfed7cb7f244a19ca2235b58ec8d1ba19b83.zip
1 files changed, 17 insertions, 12 deletions
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 9fe96de53e..d2a03e05d2 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.126 2016/05/30 13:42:54 beck Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.127 2016/09/22 07:17:41 guenther Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -776,21 +776,26 @@ ssl3_get_client_hello(SSL *s)
        }
        /*
-         * If we require cookies and this ClientHello doesn't
+         * If we require cookies (DTLS) and this ClientHello doesn't
         * contain one, just return since we do not want to
         * allocate any memory yet. So check cookie length...
         */
        if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
                unsigned int session_length, cookie_length;
+                if (p - d + SSL3_RANDOM_SIZE + 1 >= n)
+                        goto truncated;
                session_length = *(p + SSL3_RANDOM_SIZE);
-                cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
+                if (p - d + SSL3_RANDOM_SIZE + session_length + 1 >= n)
+                        goto truncated;
+                cookie_length = p[SSL3_RANDOM_SIZE + session_length + 1];
                if (cookie_length == 0)
                        return (1);
        }
-        if (p + SSL3_RANDOM_SIZE + 1 - d > n)
+        if (p - d + SSL3_RANDOM_SIZE + 1 > n)
                goto truncated;
        /* load the client random */
@@ -799,7 +804,7 @@ ssl3_get_client_hello(SSL *s)
        /* get the session-id */
        j= *(p++);
-        if (p + j - d > n)
+        if (p - d + j > n)
                goto truncated;
        s->hit = 0;
@@ -839,7 +844,7 @@ ssl3_get_client_hello(SSL *s)
        if (SSL_IS_DTLS(s)) {
                /* cookie stuff */
-                if (p + 1 - d > n)
+                if (p - d + 1 > n)
                        goto truncated;
                cookie_len = *(p++);
@@ -856,7 +861,7 @@ ssl3_get_client_hello(SSL *s)
                        goto f_err;
                }
-                if (p + cookie_len - d > n)
+                if (p - d + cookie_len > n)
                        goto truncated;
                /* verify the cookie if appropriate option is set. */
@@ -888,7 +893,7 @@ ssl3_get_client_hello(SSL *s)
                p += cookie_len;
        }
-        if (p + 2 - d > n)
+        if (p - d + 2 > n)
                goto truncated;
        n2s(p, i);
        if ((i == 0) && (j != 0)) {
@@ -898,7 +903,7 @@ ssl3_get_client_hello(SSL *s)
                    SSL_R_NO_CIPHERS_SPECIFIED);
                goto f_err;
        }
-        if (p + i - d > n)
+        if (p - d + i > n)
                goto truncated;
        if (i > 0) {
                if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
@@ -931,10 +936,10 @@ ssl3_get_client_hello(SSL *s)
        }
        /* compression */
-        if (p + 1 - d > n)
+        if (p - d + 1 > n)
                goto truncated;
        i= *(p++);
-        if (p + i - d > n)
+        if (p - d + i > n)
                goto truncated;
        for (j = 0; j < i; j++) {
                if (p[j] == 0)
@@ -1655,7 +1660,7 @@ ssl3_get_client_key_exchange(SSL *s)
                        /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
                }
-                if (p + 2 - d > n)      /* needed in the SSL3 case */
+                if (p - d + 2 > n)      /* needed in the SSL3 case */
                        goto truncated;
                if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
                    (p[1] == (s->client_version & 0xff)))) {
author	guenther <>	2016-09-22 07:17:41 +0000
committer	guenther <>	2016-09-22 07:17:41 +0000
commit	b6f7bfed7cb7f244a19ca2235b58ec8d1ba19b83 (patch)
tree	af52012db7582da743de7c090820031301f671ca /src
parent	b8e79b960794be13c34694d468ef9fb44e70a355 (diff)
download	openbsd-b6f7bfed7cb7f244a19ca2235b58ec8d1ba19b83.tar.gz openbsd-b6f7bfed7cb7f244a19ca2235b58ec8d1ba19b83.tar.bz2 openbsd-b6f7bfed7cb7f244a19ca2235b58ec8d1ba19b83.zip

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 9fe96de53e..d2a03e05d2 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_srvr.c,v 1.126 2016/05/30 13:42:54 beck Exp $ */	1	/* $OpenBSD: s3_srvr.c,v 1.127 2016/09/22 07:17:41 guenther Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -776,21 +776,26 @@ ssl3_get_client_hello(SSL *s)
776	}	776	}
777		777
778	/*	778	/*
779	* If we require cookies and this ClientHello doesn't	779	* If we require cookies (DTLS) and this ClientHello doesn't
780	* contain one, just return since we do not want to	780	* contain one, just return since we do not want to
781	* allocate any memory yet. So check cookie length...	781	* allocate any memory yet. So check cookie length...
782	*/	782	*/
783	if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {	783	if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
784	unsigned int session_length, cookie_length;	784	unsigned int session_length, cookie_length;
785		785
		786	if (p - d + SSL3_RANDOM_SIZE + 1 >= n)
		787	goto truncated;
786	session_length = *(p + SSL3_RANDOM_SIZE);	788	session_length = *(p + SSL3_RANDOM_SIZE);
787	cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);	789
		790	if (p - d + SSL3_RANDOM_SIZE + session_length + 1 >= n)
		791	goto truncated;
		792	cookie_length = p[SSL3_RANDOM_SIZE + session_length + 1];
788		793
789	if (cookie_length == 0)	794	if (cookie_length == 0)
790	return (1);	795	return (1);
791	}	796	}
792		797
793	if (p + SSL3_RANDOM_SIZE + 1 - d > n)	798	if (p - d + SSL3_RANDOM_SIZE + 1 > n)
794	goto truncated;	799	goto truncated;
795		800
796	/* load the client random */	801	/* load the client random */
@@ -799,7 +804,7 @@ ssl3_get_client_hello(SSL *s)
799		804
800	/* get the session-id */	805	/* get the session-id */
801	j= *(p++);	806	j= *(p++);
802	if (p + j - d > n)	807	if (p - d + j > n)
803	goto truncated;	808	goto truncated;
804		809
805	s->hit = 0;	810	s->hit = 0;
@@ -839,7 +844,7 @@ ssl3_get_client_hello(SSL *s)
839		844
840	if (SSL_IS_DTLS(s)) {	845	if (SSL_IS_DTLS(s)) {
841	/* cookie stuff */	846	/* cookie stuff */
842	if (p + 1 - d > n)	847	if (p - d + 1 > n)
843	goto truncated;	848	goto truncated;
844	cookie_len = *(p++);	849	cookie_len = *(p++);
845		850
@@ -856,7 +861,7 @@ ssl3_get_client_hello(SSL *s)
856	goto f_err;	861	goto f_err;
857	}	862	}
858		863
859	if (p + cookie_len - d > n)	864	if (p - d + cookie_len > n)
860	goto truncated;	865	goto truncated;
861		866
862	/* verify the cookie if appropriate option is set. */	867	/* verify the cookie if appropriate option is set. */
@@ -888,7 +893,7 @@ ssl3_get_client_hello(SSL *s)
888	p += cookie_len;	893	p += cookie_len;
889	}	894	}
890		895
891	if (p + 2 - d > n)	896	if (p - d + 2 > n)
892	goto truncated;	897	goto truncated;
893	n2s(p, i);	898	n2s(p, i);
894	if ((i == 0) && (j != 0)) {	899	if ((i == 0) && (j != 0)) {
@@ -898,7 +903,7 @@ ssl3_get_client_hello(SSL *s)
898	SSL_R_NO_CIPHERS_SPECIFIED);	903	SSL_R_NO_CIPHERS_SPECIFIED);
899	goto f_err;	904	goto f_err;
900	}	905	}
901	if (p + i - d > n)	906	if (p - d + i > n)
902	goto truncated;	907	goto truncated;
903	if (i > 0) {	908	if (i > 0) {
904	if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)	909	if ((ciphers = ssl_bytes_to_cipher_list(s, p, i)) == NULL)
@@ -931,10 +936,10 @@ ssl3_get_client_hello(SSL *s)
931	}	936	}
932		937
933	/* compression */	938	/* compression */
934	if (p + 1 - d > n)	939	if (p - d + 1 > n)
935	goto truncated;	940	goto truncated;
936	i= *(p++);	941	i= *(p++);
937	if (p + i - d > n)	942	if (p - d + i > n)
938	goto truncated;	943	goto truncated;
939	for (j = 0; j < i; j++) {	944	for (j = 0; j < i; j++) {
940	if (p[j] == 0)	945	if (p[j] == 0)
@@ -1655,7 +1660,7 @@ ssl3_get_client_key_exchange(SSL *s)
1655	/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */	1660	/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
1656	}	1661	}
1657		1662
1658	if (p + 2 - d > n) /* needed in the SSL3 case */	1663	if (p - d + 2 > n) /* needed in the SSL3 case */
1659	goto truncated;	1664	goto truncated;
1660	if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&	1665	if ((al == -1) && !((p[0] == (s->client_version >> 8)) &&
1661	(p[1] == (s->client_version & 0xff)))) {	1666	(p[1] == (s->client_version & 0xff)))) {